ABSTRACT

A method and apparatus is provided in a data processing
system for securing access to particular files which are
stored in a computer-accessible memory media. A file
management program is provided as an operating system
component of the data processing system. A plurality of files are
stored in a computer-accessible memory media, including at
least one encrypted file and at least one unencrypted file. For
each encrypted file, a preselected portion of the file is
recorded in memory, a decryption block is generated which
includes information which can be utilized to decrypt the
file, and the decryption block is incorporated in the file in
lieu of the preselected portion which has been recorded in
memory. Then, a file management program is utilized to
monitor data processing system calls for files stored in the
computer-accessible memory media. The file management
program determines whether the called file has an associated
decryption block. The called file is processed in a particular
manner dependent upon whether or not the called file has an
associated decryption block.

8 Claims, 28 Drawing Sheets
METHOD AND APPARATUS FOR ENABLING
TRIAL PERIOD USE OF SOFTWARE
PRODUCTS: METHOD AND APPARATUS
FOR UTILIZING AN ENCRYPTION HEADER

This is a continuation of application Ser. No. 08/235,031,
filed Apr. 25, 1994, now U.S. Pat. No. 5,598,470.

CROSS-REFERENCE TO RELATED
APPLICATION

The present application is related to U.S. patent
application Ser. No. 08/235,033, entitled "Method and Apparatus
for Enabling Trial Period Use of Software Products: Method
and Apparatus for Utilizing a Decryption Stub," further
identified by Attorney Docket No. BT9-93-070, now
abandoned; U.S. patent application Ser. No. 08/235,035, entitled
"Method and Apparatus for Enabling Trial Period Use of
Software Products: Method and Apparatus for Allowing a
Try-and-Buy User Interaction," further identified by Attorney
Docket No. DA9-94-008, now U.S. Pat. No. 5,689,560; U.S.
patent application Ser. No. 08/235,032, entitled "Method
and Apparatus for Enabling Trial Period Use of Software
Products: Method and Apparatus for Generating a
Machine-Dependent Identification," further identified by Attorney
Docket No. DA9-94-009, now U.S. Pat. No. 5,759,907; and
U.S. patent application Ser. No. 08/238,418, entitled
"Method and Apparatus for Enabling Trial Period Use of
Software Products: Method and Apparatus for Allowing the
Distribution of Software Objects," further identified by
Attorney Docket No. DA9-94-011, now U.S. Pat. No.
5,563,946, all filed on Apr. 25, 1994 by the inventors hereof and
assigned to the assignee herein, and incorporated by
reference herein.

BACKGROUND OF THE INVENTION 

1. Technical Field 

The present invention relates in general to techniques for
securing access to software objects, and in particular to
techniques for temporarily encrypting and restricting access
to software objects.

2. Description of the Related Art 

The creation and sale of software products has created
tremendous wealth for companies having innovative
products, and this trend will continue particularly since
consumers are becoming ever-more computer literate as
time goes on. Computer software is difficult to market since
the potential user has little opportunity to browse the various
products that are available. Typically, the products are
contained in boxes which are shrink-wrapped closed, and
the potential customer has little or no opportunity to actually
interact with or experience the software prior to purchasing.
This causes considerable consumer dissatisfaction with
products, since the consumer is frequently forced to serially
purchase a plurality of software products until an acceptable
product is discovered. This is perhaps one significant cause
of the great amount of software piracy which occurs in our
economy. A potential software purchaser will frequently
"borrow" a set of diskettes from a friend or business
associate, with the stated intention of using the software for
a temporary period. Frequently, such temporary use extends
for long intervals and the potential customer may never
actually purchase a copy of the software product, and may
instead rely upon the borrowed copy.

Since no common communication channel exists for the
sampling of software products, such as those created in
movie theaters by movie trailers, and in television by
commercials, software manufacturers are forced to rely
upon printed publications and direct mail advertisements in
order to advertise new products and solicit new customers.
Unfortunately, printed publications frequently fail to provide
an accurate description of the product, since the user
interaction with the product cannot be simulated in a static
printed format. The manufacturers of computer software
products and the customers would both be well served if the
customers could have access to the products prior to making
decisions on whether or not to purchase the product, if this
could be accomplished without introducing risk of unlawful
utilization of the product.

The distribution of encrypted software products is one
mechanism a software vendor can utilize to distribute the
product to potential users prior to purchase; however, a key
must be distributed which allows the user access to the
product. The vendor is then forced to rely entirely upon the
honesty and integrity of a potential customer. Unscrupulous
or dishonest individuals may pass keys to their friends and
business associates to allow unauthorized access. It is also
possible that unscrupulous individuals may post keys to
publicly-accessible bulletin boards to allow great numbers
of individuals to become unauthorized users. Typically,
these types of breaches in security cannot be easily
prevented, so vendors have been hesitant to distribute
software for preview by potential customers.

SUMMARY OF THE INVENTION 

It is one object of the present invention to provide a
method and apparatus for distributing software objects from
a producer to potential users which allows the user a
temporary trial period without subjecting the software
product to unnecessary risks of piracy or unauthorized utilization
beyond the trial interval. Preferably this is accomplished by
providing a software object on a computer-accessible
memory media along with a file management program.
Preferably, the software object is reversibly functionally
limited, through one or more particular encryption
operations. The computer-accessible memory media is shipped
from the producer to the potential user utilizing conventional
mail and delivery services. Upon receipt, the potential user
loads the file management program into a user-controlled
data processing system and associates it with the operating
system for the data processing system. Then, the
computer-accessible memory media is read utilizing the
user-controlled data processing system. The file management
program is executed by the user-controlled data processing
system and serves to restrict access to the software object for
a predefined and temporary trial period. During the
temporary trial mode of operation, the software object is
temporarily enabled by reversing the reversible functional
limitation of the software object. This is preferably accomplished
by decryption of the encrypted software object when the
software object is called by the operating system of the
user-controlled data processing system. The file
management program preferably prevents copying operations, so
the encrypted software project is temporarily decrypted
when it is called by the operating system. If the potential
user elects to purchase the software object, a permanent use
mode of operation is entered, wherein the functional
limitation of the software object is permanently reversed,
allowing unlimited use to the software object by the potential user.
This facilitates browsing operations which allow the
potential user to review the software and determine whether it
suits his or her needs.

The file management program continuously monitors the
operating system of the user-controlled data processing
system for operating system input calls and output calls. The
file management program identifies when the operating
system of the user-controlled data processing system calls
for a software object which is subject to trial-interval
browsing. Then, the file management system fetches a
temporary access key associated with the software object,
and then examines the temporary access key to determine if
it is valid. Next, the file management program reverses the
functional limitation of the software object, and passes it to
the data processing system for processing.

It is another objective of the present invention to provide
a method and apparatus for distributing a software object
from a source to a user, wherein a software object is
encrypted utilizing a long-lived encryption key, and directed
from the source to the user. The encrypted software object is
loaded onto a user-controlled data processing system having
a particular system configuration. A numerical machine
identification based at least in part upon the particular
configuration of the user-controlled data processing system
is then derived. Next a temporary key is derived which is
based at least in part upon the numerical machine
identification and the long-lived encryption key. A long-lived key
generator is provided for receiving the temporary key and
producing the long-lived encryption key. The temporary key
allows the user to generate for a prescribed interval the
long-lived encryption key to access the software object.
These operations are performed principally by a file
management program which is operable in a plurality of modes.
These modes include a set up mode of operation, a machine
identification mode of operation, and a temporary key
derivation mode of operation. During the set up mode of
operation, the file management program is loaded onto a
user-controlled data processing system and associated with
an operating system for the user-controlled data processing
system. During the machine identification mode of
operation, the file management program is utilized to derive
a numerical machine identification based upon at least one
attribute of the user-controlled data processing system.
During the temporary key derivation mode of operation, a
temporary key is derived which is based at least in part upon
the numerical machine identification. The file management
program also allows a trial mode of operation, wherein the
file management program is utilized by executing it with the
user-controlled data processing system to restrict access to
the software object for an interval defined by the temporary
key, during which the long-lived key generator is utilized in
the user-controlled data processing system to provide the
long-lived key in response to receipt of at least one input
including the temporary key.

It is yet another objective of the present invention to
provide a method and apparatus in a data processing system
for securing access to particular files which are stored in a
computer-accessible memory media. A file management
program is provided as an operating system component of
the data processing system. A plurality of files are stored in
the computer-accessible memory media, including at least
one encrypted file and at least one unencrypted file. For each
encrypted file, a preselected portion is recorded in computer
memory, a decryption block is generated which includes
information which can be utilized to decrypt the file, and the
decryption block is incorporated into the file in lieu of the
preselected portion which has been recorded elsewhere in
computer memory. The file management program is utilized
to monitor data processing operation calls for a called file
stored in the computer-accessible memory media. The file
management program determines whether the called file has
an associated decryption block. The file management
program processes the called file in a particular manner
dependent upon whether or not the called file has an associated
decryption block. The incorporation of the decryption block
does not change the size of the encrypted file, thus
preventing certain types of processing errors. During the trial
interval, the encrypted file is maintained in an encrypted
condition, and cannot be copied. If the potential user opts to
purchase the software product, a permanent key is provided
which results in replacement of the preselected portion to the
file in lieu of the decryption block. Once the decryption
block is removed, the encrypted file may be decrypted to
allow unrestricted use by the purchaser. Preferably, the file
management program is utilized to intercept files as they are
called by the operating system, and to utilize the decryption
block to derive a name for a key file and read the called file.
The decryption block of each encrypted file includes a
validation segment which is decrypted by the file
management program and compared to a selected segment for the
called file to determine whether the key can decrypt the
particular file. If the decrypted validation segment matches
a known clear text validation segment, the file is then
dynamically decrypted as it is passed for further processing.

It is yet another objective of the present invention to
provide a method and apparatus in a data processing system
for securing access to particular files which are stored in a
computer-accessible memory media. A file management
program is provided as an operating system component of a
data processing system. In a computer-accessible memory
media available to the data processing system, at least one
encrypted file and one unencrypted file are stored. The
encrypted file has associated with it an unencrypted security
stub which is at least partially composed of executable code.
The file management program is utilized to monitor the data
processing system calls for a called file stored in the
computer accessible memory media, to determine whether the
called file has an associated unencrypted security stub, and
to process the called file in a particular manner dependent
upon whether or not the called file has an associated
unencrypted security stub. More particularly, if it is determined
that the called file has no associated unencrypted security
stub, the called file is allowed to be processed. However, if
it is determined that the called file has an associated
unencrypted security stub, it must be examined before a decision
can be made about whether or not to allow it to be processed.
First the unencrypted security stub is examined in order to
obtain information which allows decryption operations to be
performed. Then, the decryption operations are performed.
Finally, the called file is allowed to pass for further
processing. Preferably, the called file is dynamically decrypted as it
is passed to the operating system for processing. Also, the
unencrypted security stub is separated from the called file
prior to execution of the called file. However, if the
unencrypted security stub accidentally remains attached to the
called file, processing operations must be stopped, and a
message must be posted in order to prevent the processor
from becoming locked-up.

It is still another objective of the present invention to
provide a method and apparatus for distributing a software
object from a source to a user. A computer-accessible
memory media is distributed from the source to a potential
user. It includes a software object which is encrypted
utilizing a predetermined encryption engine and a long-lived
and secret key. An interface program is provided which
facilitates interaction between the source and the user. The
interface program includes machine identification module
which generates a machine identification utilizing at least one
predetermined attribute of the user-controlled data
processing system. It also further includes a long-lived and secret
key generator which receives as an input at least a temporary
key and produces as an output a long-lived and secret key.
A validation module is provided which tests the temporary key
to determine its validity. The source of the software object
maintains a temporary key generator which receives as an
input at least a machine identification and produces an
output of the temporary key. An interface program is loaded
onto the user-controlled data processing system. The
machine identification module is utilized to examine at least
one predetermined attribute of the user-controlled data
processing system and to generate the machine identification.
During interaction between the source and the user, the
machine identification is communicated over an insecure
communication channel. At the source of the software
object, the temporary key is generated utilizing the machine
identification (and other information) as an input to the
temporary key generator. During interaction between the
source and the user, the temporary key is communicated,
typically over an insecure communication channel. Next, the
validation module is utilized to determine the validity of the
temporary key. The long-lived and secret key generator is
then utilized to receive the temporary key and generate the
long-lived and secret key in order to decrypt and
gain access to the software object. The user is provided
with an import module and an export module which allow
for the utilization of portable memory media to transfer
encrypted software object, a key file, and a machine
identification file from one machine in a distributed data
processing system to another machine in the distributed data
processing system, while allowing the temporary key to
allow temporary trial access to the software object.

The above as well as additional objectives, features, and
advantages of the present invention will become apparent in
the following detailed written description.

BRIEF DESCRIPTION OF THE DRAWINGS

The novel features believed characteristic of the invention
are set forth in the appended claims. The invention itself,
however, as well as a preferred mode of use, further
objectives and advantages thereof, will best be understood by
reference to the following detailed description of an
illustrative embodiment when read in conjunction with the
accompanying drawings, wherein:

FIG. 1 is a pictorial representation of a stand-alone data
processing system, a telephone, and a variety of
computer-accessible memory media all of which may be utilized in the
implementation of the preferred technique of enabling trial
period use of software products;

FIG. 2 is a pictorial representation of a distributed data
processing system which may utilize the technique of the
present invention of enabling trial period use of software
products;

FIG. 3 is a block diagram representation of data
processing system attributes which may be utilized to generate a
machine identification, in accordance with the present
invention;

FIG. 4 is a block diagram depiction of a routine for
encrypting software objects;

FIG. 5 is a pictorial representation of the exchange of
information between a source (a software vendor) and a user
(a customer), in accordance with the teachings of the present
invention;

FIG. 6 is a flowchart representation of the broad steps
employed in building a user interface shell, in accordance
with the present invention;

FIG. 7 is a flowchart representation of vendor and
customer interaction in accordance with the present invention;

FIGS. 8, 9, 10a and 10b depict user interface screens
which facilitate trial period operations in accordance with
the present invention;

FIG. 11 [illegible] interface which is used to initiate
a temporary access key;

FIG. 12 is a block diagram depiction of the preferred
technique of generating a machine identification;

FIG. 13 is a block diagram depiction of an encryption
operation which is utilized to encrypt a machine
identification, in accordance with the present invention;

FIG. 14 is a block diagram representation of the preferred
technique for generating a product key, in accordance with
the present invention;

FIG. 15 is a block diagram representation of a preferred
technique utilizing a temporary product key to generate a
real key which can be utilized to decrypt one or more
software objects;

FIGS. 16 and 17 [illegible] preferred technique of validating
[illegible] derived in accordance with the block
diagram of FIG. 15;

FIG. 18 [illegible] encrypting a key file which contains
information including a temporary product key;

FIG. 19 is a block diagram depiction of the preferred
technique of handling an encryption header in an encrypted
file, in accordance with the present invention;

FIG. 20 depicts in block diagram form the technique of
utilizing a plurality of inputs in the user-controlled data
processing system to derive the real key which may be
utilized to decrypt an encrypted software object;

FIG. 21 depicts a decryption operation utilizing the real
key derived in accordance with FIG. 20;

FIG. 22 is a block diagram depiction of a comparison
operation which is utilized to determine the validity of the
real key;

FIG. 23 depicts a decryption operation utilizing a
validated real key;

[illegible] of an [illegible] in accordance with the present
invention;

FIG. 29 is a flowchart representation of the preferred
technique of providing a trial period of use for an encrypted
software object;

FIGS. 30 and 31 depict export and import operations
which may be utilized to perform trial period use operations
in a distributed data processing system;

FIGS. 32 and 33 provide an alternative view of the import
and export operations which are depicted in FIGS. 30 and
31;

FIGS. 34 and 35 provide a block diagram depiction of an
alternative technique for performing an export/import
operation.

DETAILED DESCRIPTION OF PREFERRED
EMBODIMENT

The method and apparatus of the present invention for
enabling trial period use of software products can be utilized
in stand-alone PCs such as that depicted in FIG. 1, or in
distributed data processing systems, such as that depicted in
FIG. 2. In either event, temporary trial period access to one
or more software products depends upon utilization of the
trial product on a particular data processing system with
particular data processing system attributes. This is
accomplished by encrypting the trial software product utilizing a
temporary access key which is based upon one or more data
processing system attributes. FIG. 3 graphically depicts a
plurality of system configuration attributes, which may be
utilized in developing a temporary access key, as will be
described in greater detail herebelow. To begin with, the
environment of the stand-alone data processing system of
FIG. 1, and the distributed data processing system of FIG. 2
will be described in detail, followed by a description of
particular system configuration attributes which are depicted
in FIG. 3.

With reference now to the figures and in particular with
reference to FIG. 1, there is depicted a pictorial
representation of data processing system 10 which may be
programmed in accordance with the present invention. As may
be seen, data processing system 10 includes processor 12
which preferably includes a graphics processor, memory
device and central processor (not shown). Coupled to
processor 12 is video display 16 which may be implemented
utilizing either a color or monochromatic monitor, in a
manner well known in the art. Also coupled to processor 12
is keyboard 14. Keyboard 14 preferably comprises a
standard computer keyboard which is coupled to the processor
by means of a cable.

Also coupled to processor 12 is a graphical pointing
device, such as mouse 20. Mouse 20 is coupled to processor
12, in a manner well known in the art, via a cable. As is
shown, mouse 20 may include left button 24, and right
button 26, each of which may be depressed, or "clicked", to
provide command and control signals to data processing
system 10. While the disclosed embodiment of the present
invention utilizes a mouse, those skilled in the art will
appreciate that any graphical pointing device such as a light
pen or touch sensitive screen may be utilized to implement
the method of the present invention. Upon reference to the
foregoing, those skilled in the art will appreciate that data
processing system 10 may be implemented utilizing a
so-called personal computer, such as the Model 80 PS/2
computer manufactured by International Business Machines
Corporation of Armonk, N.Y.

While the present invention may be utilized in stand-alone
data processing systems, it may also be utilized in a
distributed data processing system, provided the import and export
routines of the present invention are utilized to transfer one
or more encrypted files, their encrypted key files, and
associated file management programs through a portable
memory media (such as diskettes or tapes) between
particular data processing units within the distributed data
processing system. While the import and export routines of the
present invention will be described in greater detail
herebelow, it is important that a basic distributed data
processing system be described and understood.

FIG. 3 provides a block diagram depiction of a plurality
of data processing system attributes which may be utilized
to uniquely identify a particular data processing system
(whether a stand-alone or a node in a distributed data
processing system), and which further can be utilized to
generate the machine identification value which is utilized
to derive or generate a temporary access product key which
may be utilized to gain access to an encrypted product for a
particular predefined trial interval. A data processing system
may include a particular system bus 60 architecture, a
particular memory controller 74, bus controller 76, interrupt
controller 78, keyboard mouse controller 80, DMA
controller 66, VGA video controller 82, parallel controller 84, serial
controller 86, diskette controller 88, and disk controller 82.
Additionally, a plurality of empty or occupied slots 106 may
be used to identify the particular data processing system.
Each particular data processing system may have attributes
which may be derived from RAM 70, ROM 68, or CMOS
RAM 72. End devices such as printer 96, monitor 94, mouse
92, keyboard 90, diskette 100, or disk drive 104 may be
utilized to derive one or more attributes of the data
processing system which may be processed in a predetermined
manner to derive a machine identification value. The
derivation of the machine identification value will be described
in greater detail below. The present invention is directed to
an efficient method of distributing software programs to
users which would provide to them a means to try the
program before obtaining (by purchasing) a license for it. In
accordance with this concept, complete programs are
distributed to potential users on computer-accessible memory
media such as diskettes or CD-ROMs. The concept is to
generate keys that allow the user to access the programs
from the distributed media. In this environment, a file
management program provides a plurality of interfaces
which allows the user to browse the different products. The
interfaces allow ordering and unlocking of the software
products contained on the distributed media. Unlocking of
the software product is accomplished by the reception,
validation, and recording of a temporary access (decryption)
key.

The file management program is resident in the
user-controlled data processing system and becomes a part of the
operating system in the user's computer. An example of such
a resident program (in the PC DOS environment) would be
a resident program TSR, for 'terminate and stay resident'
operations, that intercepts and handles DOS file input and
output operations. When a temporary access key is provided
to a user, system files are checked to see if this file has been
used in a trial mode of operation before. If the product has
never been used in a trial mode of operation, the temporary
key is saved. Once the trial mode of operation key exists, an
encrypted application can only be run if it is initiated by the
file management program. The file management program
will recognize that the application is encrypted and that a
valid trial mode of operation key exists for the particular
operation. A valid trial mode of application key is one that
has not expired. The trial mode of operation may be defined
by either a timer, or a counter. A timer can be used to count
down a particular predefined period (such as thirty days);
alternatively, the counter can be used to decrement through
a predefined number of trial "sessions" which are allowed
during the trial mode of operation. If the key is valid, the file
management program communicates directly with the TSR
and enables the trial mode of operation for a particular
encrypted application. The file management program then
kicks off the encrypted application. The code which is
resident in the operating system of the user-controlled data
processing system maintains control over the operating
system. It monitors the use of the trial mode of operation
keys to allow files to be decrypted and loaded into memory,
but prevents the encrypted files from being decrypted and
copied to media. This is done by using the operating system
to determine which applications are trying to access the data
and only allowing the applications that have permission to
access the data to do so.
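
The gatekeeping described above, together with the decryption block and validation segment set out in the Summary, can be modelled as follows. This is an added example, not code from the patent: the block layout, the `TRIALHDR` marker, the key-file record fields and the session counter are assumptions, and a repeating-key XOR stands in for the encryption engine.

```python
import hashlib

MAGIC = b"TRIALHDR"                # assumed 8-byte marker of a decryption block
BLOCK_LEN = 64                     # assumed block size = size of the saved portion
KNOWN_CLEAR = b"VALIDATION-SEG16"  # assumed 16-byte known clear-text segment


def xor_engine(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR standing in for the encryption engine (self-inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def protect(plain: bytes, real_key: bytes, key_file: str):
    """Encrypt a file, set aside its first BLOCK_LEN bytes, overlay the block.

    Returns (stored_file, saved_portion). The stored file has the same length
    as the original, as the description requires.
    """
    if len(plain) < BLOCK_LEN or len(key_file) > 16:
        raise ValueError("file too short or key-file name too long")
    cipher = xor_engine(plain, real_key)
    saved_portion = cipher[:BLOCK_LEN]
    name = key_file.encode("ascii").ljust(16, b"\0")
    validation = xor_engine(KNOWN_CLEAR, real_key)   # encrypted validation segment
    block = (MAGIC + name + validation).ljust(BLOCK_LEN, b"\0")
    return block + cipher[BLOCK_LEN:], saved_portion


class FileManager:
    """Models the resident file management program that intercepts file calls."""

    def __init__(self, key_files: dict):
        self.key_files = key_files       # key-file name -> record (assumed layout)

    def _checked_record(self, stored: bytes) -> dict:
        # The block names the key file; look it up, then test the key.
        name = stored[8:24].rstrip(b"\0").decode("ascii")
        record = self.key_files.get(name)
        if record is None:
            raise PermissionError("no key file for this product")
        # Decrypt the validation segment and compare with the known clear text
        # before trusting the key with the rest of the file.
        if xor_engine(stored[24:40], record["key"]) != KNOWN_CLEAR:
            raise PermissionError("key cannot decrypt this file")
        return record

    def open_call(self, stored: bytes) -> bytes:
        """Handle one intercepted call for a file during the trial interval."""
        if not stored.startswith(MAGIC):
            return stored                # no decryption block: pass through
        record = self._checked_record(stored)
        if record["sessions_left"] <= 0:
            raise PermissionError("trial key expired")
        record["sessions_left"] -= 1     # counter-based trial interval
        cipher = record["saved_portion"] + stored[BLOCK_LEN:]
        return xor_engine(cipher, record["key"])   # clear text exists in memory only

    def purchase(self, stored: bytes) -> bytes:
        """Permanent use: saved portion replaces the block, then decrypt."""
        record = self._checked_record(stored)
        cipher = record["saved_portion"] + stored[BLOCK_LEN:]
        return xor_engine(cipher, record["key"])


def run_demo() -> dict:
    plain = bytes(range(256)) * 2                        # constructed 512-byte "program"
    key = hashlib.sha256(b"constructed real key").digest()
    stored, saved = protect(plain, key, "PROD0001.KEY")
    fm = FileManager({"PROD0001.KEY": {"key": key, "saved_portion": saved,
                                       "sessions_left": 2}})
    results = {"same_size": len(stored) == len(plain),
               "passthrough": fm.open_call(b"ordinary file") == b"ordinary file",
               "sessions": []}
    for _ in range(3):                                   # third call exceeds the trial
        try:
            results["sessions"].append(fm.open_call(stored) == plain)
        except PermissionError as exc:
            results["sessions"].append(str(exc))
    results["purchased"] = fm.purchase(stored) == plain
    return results


if __name__ == "__main__":
    print(run_demo())
```

With XOR as the engine, the encrypted validation segment reveals key bytes to anyone who knows the clear text segment, so the check is only sound when the engine is a real block cipher.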

FIG. 4 is a block diagram depiction of a routine for
encrypting software objects. The binary characters which
make up software object 201 are supplied as an input to
encryption engine 205. Real key 203 is utilized as an
encryption key in encryption engine 205. The output of
encryption engine 205 is an encrypted software object 207.






5,757,908 


Encryption engine 205 may be any conventional encryption operation such as the published and well known DES algorithm; alternatively, the encryption engine 205 may be an exclusive-OR operation which randomizes software object 201.

FIG. 5 is a pictorial representation of the exchange of information between a source 209 (a software vendor) and a user 211 (a potential customer), in accordance with the teachings of the present invention. The arrows between source 209 and user 211 represent exchanges of objects or information between vendor 209 and 211. In the exchange of flow 203, computer-accessible memory media is directed from source 209 to user 211. This transfer may occur by US mail delivery, courier delivery, express service delivery, or by delivery through printed publications such as books and magazines. Alternatively, an electronic document may be transferred from source 209 to user 211 utilizing electronic mail or other transmission techniques. In flow 215, user-specific information, preferably including a unique machine identification number which identifies the data processing system of user 211, is transferred from user 211 to source 209 via an insecure communication channel; typically, this information is exchanged over the telephone, but may be passed utilizing electronic mail or other communication techniques. In flow 217, source 209 provides a product key to user 211. The product key allows the product contained in the memory media to be temporarily accessed for a prescribed and predefined interval. This interval is considered to be a "trial" interval during which user 211 may become familiar with the software and make a determination on whether or not he or she wishes to purchase the software product. User 211 must communicate additionally with source 209 in order to obtain permanent access to the software product. The product key allows user 211 to obtain access to the software product for a particular predefined time interval, or for a particular number of predefined "sessions." As time passes, the user's clock or counter runs down. At the termination of the trial period, further access is denied. Therefore, the user 211 must take affirmative steps to contact source 209 and purchase a permanent key which is communicated to user 211 and which permanently unlocks a product to allow unrestricted access to the software product.

The communication between source 209 and user 211 is facilitated by a user interface. The creation of the interface is depicted in flowchart form in FIG. 6. The process begins at software block 219, and continues at software block 221, wherein source 209 makes language and locale selections which will determine the language and currencies utilized in the interface which facilitates implementation of the trial period use of the software products. A plurality of software products may be bundled together and delivered to user 211 on a single computer-accessible memory media. Therefore, in accordance with software block 223, source 209 must make a determination as to the programs which will be made available on a trial basis on the computer-accessible memory media, and the appropriate fields are completed, in accordance with software block 223. Next, in accordance with software block 225, the programs are functionally limited or encrypted. Then, in accordance with software block 227, the shell is loaded along with the computer program products onto a computer-accessible memory media such as a diskette or CD ROM. The process ends at software block 229.

FIG. 7 is a flowchart representation of vendor and customer interaction in accordance with the present invention. The flow begins at software block 231, and continues at step 233, wherein computer-accessible memory media are distributed to users for a try-and-buy trial interval. Then, in accordance with step 235, the file management program is loaded from the computer-accessible memory media onto a user-controlled data processing system for execution. The file management program includes a plurality of interface screens which facilitate interaction between the vendor and the customer, and which set forth the options available to the customer. Thus, in accordance with step 237, the file management program allows browsing and displays appropriate user interfaces. Next, in accordance with step 239, the customer and the vendor interact, typically over the telephone or electronic mail, to allow the vendor to gather information about the customer and to distribute a temporary key which allows access to one or more software products which are contained on the computer-accessible memory media for a predefined trial interval. Typically, the interval will be defined by an internal clock, or by a counter which keeps track of the number of sessions the potential purchaser has with a particular software product or products. Step 241 represents the allowance of the trial interval use. Then, in accordance with software block 243, the file management program monitors and oversees all input and output calls in the data processing system to prevent unauthorized use of the encrypted software products contained on the computer-accessible memory media. In the preferred embodiment of the present invention, the file management program monitors for calls to encrypted files, and then determines whether access should be allowed or denied before the file is passed for further processing. The customer can assess the software product and determine whether he or she desires to purchase it. If a decision is made to purchase the product, the customer must interact once again with the vendor, and the vendor must deliver to the customer a permanent key, as is set forth in step 245. The process ends when the customer receives the permanent key, decrypts the one or more software products that he or she has purchased, and is then allowed ordinary and unrestricted access to the software products.

FIGS. 8, 9, 10a, and 10b depict user interface screens which facilitate trial period operations in accordance with the present invention. FIG. 8 depicts an order form user interface 249 which is displayed when the customer selects a "view order" option from another window. The order form user interface 249 includes a title bar 251 which identifies the software vendor and provides a telephone number to facilitate interaction between the potential customer and the vendor. An order form field 255 is provided which identifies one or more software products which may be examined during a trial interval period of operation. A plurality of subfields are provided including quantity subfield 259, item subfield 257, description subfield 260, and price subfield 253. Delete button 261 allows the potential customer to delete items from the order form field. Subtotal field 263 provides a subtotal of the prices for the ordered software. Payment method icons 265 identify the acceptable forms of payment. Of course, a potential user may utilize the telephone number to directly contact the vendor and purchase one or more software products; alternatively, the user may select one or more software products for a trial period mode of operation, during which a software product is examined to determine its adequacy. A plurality of function icons 267 are provided at the lowermost portion of order form interface 249. These include a close icon, fax icon, mail icon, print icon, unlock icon, and help icon. The user may utilize a graphical pointing device in a conventional point-and-click operation to select one or more of these operations. The fax icon facilitates interaction with the vendor utilizing a facsimile machine or facsimile board. The print icon allows the user to generate a paper archival copy of the interaction with the software vendor.

The customer, the computer-accessible memory media, and the computer system utilized by the customer are identified by media identification 269, customer identification 273, and machine identification 271. The media identification is assigned to the computer-accessible memory media prior to shipping to the potential customer. It is fixed, and cannot be altered. The customer identification 273 is derived from interaction between the potential customer and the vendor. Preferably, the customer provides answers to selected questions in a telephone dialogue, and the vendor supplies a customer identification 273, which is unique to the particular customer. The machine identification 271 is automatically derived utilizing the file management program which is resident on the computer-accessible memory media, and which is unique to the particular data processing system being utilized by the potential customer. The potential customer will provide the machine identification to the vendor, typically through telephone interaction, although fax interaction and regular mail interaction is also possible.

FIG. 9 is a representation of an order form dialog interface 275. This interface facilitates the acquisition of information which uniquely identifies the potential customer, and includes name field 277, address field 279, phone number field 281, facsimile number field 283, payment method field 285, shipping method field 287, account number field 289, expiration date field 291, value added tax ID field 293. Order information dialog interface 275 further includes print button 295 and cancel button 297 which allow the potential user to delete information from these fields, or to print a paper copy of the interface screen.

FIGS. 10a and 10b depict unlock dialog interface screens 301, 303. The user utilizes a graphical pointing device to select one or more items which are identified by the content item number field 307 and description field 309 which are components of unlock list 305. The interface further includes customer ID field 313 and machine ID field 315. Preferably, the vendor provides the customer identification to the customer in an interaction via phone, fax, or mail. Preferably, the customer provides to the vendor the machine identification within machine identification field 315 during interaction via phone, fax, or mail. Once the information is exchanged, along with an identification of the products which are requested for a trial interval period of operation, a temporary access key is provided which is located within key field 311. The key will serve to temporarily unlock the products identified and selected by the customer. Close button 319, save button 317, and help button 321 are also provided in this interface screen to facilitate user interaction.

FIG. 10b depicts a single-product unlock interface screen 303. This interface screen includes only machine identification field 315, customer identification field 315, and key field 311. The product which is being unlocked need not be identified in this interface, since the dialog pertains only to a single product, and it is assumed that the user knows the product for which a temporary trial period of operation is being requested. Save button 317, cancel button 319, and help button 321 are also provided in this interface to facilitate operator interaction.

FIG. 11 depicts a user interface screen which is utilized in unlocking the one or more encrypted products for the commencement of a trial interval mode of operation. The starting date dialog of FIG. 11 is displayed after the "SAVE" push button is selected in the unlock dialog of either FIG. 10a or FIG. 10b. The user will be prompted to verify the correct starting date which is provided in date field 310. The user responds to the query by pointing and clicking to either the "continue" button 312, the "cancel" button 314, or the "help" button 316. The date displayed in field 310 is derived from the system clock of the user-controlled data processing system. The user may have to modify the system clock to make the date correspond to the official or stated date of commencement of the trial period of operation.

A trial interval operation can take two forms: one form is a functionally disabled product that allows a user to try all the features, but may not allow a critical function like printing or saving of data files. Another type of trial interval is a fully functional product that may be used for a limited time. This requires access protection, and allows a customer to try all the functions of a product for free or for a nominal fee. Typically, in accordance with the present invention, access to the product is controlled through a "timed" key. The trial period for using the product is a fixed duration determined by the vendor. The trial period begins when the key is issued. In accordance with the present invention, the products being previewed during the trial interval of operation can only be run from within a customer shell. A decryption driver will not allow the encrypted products to be copied in the clear, nor will it allow the product to be run outside the customer's shell. In an alternative embodiment, the trial interval is defined by a counter which is incremented or decremented with each "session" the customer has with the product. This may allow the customer a predefined number of uses of the product before decryption is no longer allowed with the temporary key.
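The timed key described above, as an added sketch that is not code from the patent: the vendor masks the real key under a clear-text control block carrying the machine ID, customer number and session limit, so a different machine or an altered limit yields a key that fails the validation-text comparison. The SHA-256 keystream XOR is a stand-in for the encryption engine, and every function name, the control block format and the sample values are assumptions.

```python
import hashlib
import hmac

# Constructed sample values for this sketch; none come from the patent.
REAL_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
VALIDATION_TEXT = b"known clear validation text"


def keystream(key: bytes, length: int) -> bytes:
    """Expand key into `length` bytes using SHA-256 in counter mode."""
    blocks = [
        hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def engine(key: bytes, data: bytes) -> bytes:
    """Stand-in encryption engine: XOR with a keyed stream (self-inverse)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def control_block(machine_id: str, customer_no: str, sessions: int) -> bytes:
    """Clear-text limits of the timed key (the format is an assumption)."""
    return f"TRIAL|{machine_id}|{customer_no}|sessions={sessions}".encode()


def wrapping_key(machine_id: str, customer_no: str, sessions: int) -> bytes:
    """Key that masks the real key; it depends on every control block field."""
    return hashlib.sha256(control_block(machine_id, customer_no, sessions)).digest()


def vendor_issue_key(real_key, machine_id, customer_no, sessions) -> bytes:
    """Vendor side: mask the real key under the customer's control block."""
    return engine(wrapping_key(machine_id, customer_no, sessions), real_key)


def customer_unwrap(product_key, machine_id, customer_no, sessions) -> bytes:
    """Customer side: rebuild the control block locally and unmask."""
    return engine(wrapping_key(machine_id, customer_no, sessions), product_key)


def validates(candidate_key: bytes, encrypted_validation: bytes) -> bool:
    """Decrypt the validation segment and compare with the known clear text."""
    derived = engine(candidate_key, encrypted_validation)
    return hmac.compare_digest(derived, VALIDATION_TEXT)


# Shipped on the media next to the encrypted product.
ENCRYPTED_VALIDATION = engine(REAL_KEY, VALIDATION_TEXT)


class TrialShell:
    """Customer shell that releases the real key once per permitted session."""

    def __init__(self, product_key: bytes, customer_no: str, sessions: int):
        self.product_key = product_key
        self.customer_no = customer_no
        self.granted = sessions  # limit the vendor bound into the key
        self.used = 0            # local usage counter

    def open_session(self, local_machine_id: str):
        """Return the real key, or None when access must be denied."""
        if self.used >= self.granted:
            return None  # trial exhausted
        key = customer_unwrap(self.product_key, local_machine_id,
                              self.customer_no, self.granted)
        if not validates(key, ENCRYPTED_VALIDATION):
            return None  # wrong machine or altered limit
        self.used += 1
        return key
```

Only the granted limit is protected by the key in this sketch; the running counter `used` is ordinary local state.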

The limits of the temporary access key are built into a "control vector" of the key. Typically, a control vector will include a short description of the key, a machine identification number, and a formatted text string that includes the trial interval data (such as a clock value or a counter value). The control vector cannot be altered without breaking the key. When a protected software product is run, the usage data must be updated to enforce the limits of the trial interval period of operation. In order to protect the clock or counter from tampering, its value is recorded in a multiple number of locations, typically in encrypted files. In the preferred embodiment of the present invention, the trial interval information (clock value and/or counter value) is copied to a "key file" which will be described in further detail herebelow, to a machine identification file, which will also be discussed herebelow, and to a system file. When access to an encrypted program is requested, all of these locations are checked to determine if the value for the clock and/or counter is the same. It is unlikely that an average user has the sophistication to tamper successfully with all three files. In the preferred embodiment, a combination of a clock and a counter is utilized to prevent extended use of backup and restore operations to reset the system clock. Although it is possible to reset a PC's clock each time a trial use is requested, this can also be detected by tracking the date/time stamps of certain files on the system and using the most recent date between file date/time stamps and the system clock. As stated above, one of the three locations the timer and/or counter information is stored is a system file. When operating in an OS/2 operating system, the time and usage data can be stored in the system data files, such as the OS2.INI in the OS/2 operating system. The user will have to continuously backup and restore these files to reset the trial and usage data. These files contain other data that is significant to the operation of the user system. The casual user can accidentally lose important data for other applications by restoring these files to an older version. In the present invention, these protection techniques greatly hinder a dishonest user's attempts to extend the trial interval use beyond the authorized interval.

In broad overview, in the present invention, the vendor loads a plurality of encrypted software products onto a computer-accessible memory media, such as a CD ROM or magnetic media diskette. Also loaded onto the computer-accessible memory media is a file management program which performs a plurality of functions, including the function of providing a plurality of user interface screens which facilitate interaction between the software vendor and the software customer. The computer-accessible memory media is loaded onto a user-controlled data processing system, and the file management program is loaded for execution. The file management program provides a plurality of user-interface screens to the software customer which gathers information about the customer (name, address, telephone number, and billing information) and receives the customer selections of the software products for which a trial interval is desired. Information is exchanged between the software vendor and customer, including: a customer identification number, a product identification number, a media identification number, and a machine identification number. The vendor generates the customer identification number in accordance with its own internal record keeping. Preferably, the representative of the software vendor gathers information from the software customer and types this information into an established blank form in order to identify the potential software customer. Alternatively, the software vendor may receive a facsimile or mail transmission of the completed order information dialog interface screen 275 (of FIG. 9). The distributed memory media (such as CDs and diskettes) also include a file management program which is used to generate a unique machine identification based at least in part upon one attribute of the user-controlled data processing system. This machine identification is preferably a random eight-bit number which is created during a one-time setup process. Preferably, eight random bits are generated from a basic random number generator using the system time as the "seed" for the random number generator. Preferably, check bits are added in the final result. Those check bits are critical to the order system because persons taking orders must key in the machine ID that the customer reads over the phone. The check bits allow for instant verification of the machine ID without requiring the customer to repeat the number. Preferably, a master file is maintained on the user-controlled data processing system which contains the clear text of the machine identification and an encrypted version of the machine identification.

When the software customer places an order for a temporary trial use of the software products, he or she verbally gives to the telephone representative of the software vendor the machine identification. In return, the telephone representative gives the software customer a product key which serves as a temporary access key to the encrypted software products on the computer-accessible memory media, as well as a customer identification number. Preferably, the product key is a function of the machine identification, the customer number, the real encryption key for the program or programs ordered, and a block of control data. The software customer may verify the product key by combining it with the customer number, and an identical block of control data to produce the real encryption key. This key is then used to decrypt an encrypted validation segment, to allow a compare operation. If the encrypted validation segment is identical to known clear text for the validation segment then the user's file management program has determined that the product key is a good product key and can be utilized for temporary access to the software products. Therefore, if the compare matches, the key is stored on the user-controlled data processing system in a key file. Preferably, the key file contains the product key, a customer key (which is generated from the customer number and an internal key generating key) and a clear ASCII string containing the machine identification. All three items must remain unchanged in order for the decryption tool to derive the real encryption key. To further tie the key file to this particular user-controlled data processing system, the same key file is encrypted with a key that is derived from system parameters. These system parameters may be derived from the configuration of the data processing system.

Stated broadly, in the present invention the temporary key (which is given verbally over the phone, typically) is created from an algorithm that utilizes encryption to combine the real key with a customer number, the machine identification number, and other predefined clear text. Thus, the key is effective for a single machine: even if the key were to be given to another person, it would not unlock the program on that other person's machine. This allows the software vendor to market software programs by distributing complete programs on computer-accessible memory media such as diskettes or CD ROMs, without significant risk of the loss of licensing revenue.

Some of the preferred unique attributes of the system which may be utilized for encryption operations include the hard disk serial number, the size and format of the hard disk, the system model number, the hardware interface cards, the hardware serial number, and other configuration parameters. The result of this technique is that a machine identification file can only be decrypted on a system which is an identical clone of the user-controlled data processing system. This is very difficult to obtain, since most data processing systems have different configurations, and the configurations can only be matched through considerable effort. These features will be described in detail in the following written description.

Turning now to FIG. 12, the file management program receives the distributed computer-accessible memory media with encrypted software products and a file management program contained therein. The file management program assesses the configuration of the user-controlled data processing system, as represented in step 351 of FIG. 12. The user-specific attributes of the data processing system are derived in step 353, and provided as an input to machine identification generator 355, which is preferably a random number generator which receives a plurality of binary characters as an input and generates a pseudo-random output which is representative of machine identification 357. The process employed by machine identification generator 355 is any conventional pseudo-random number generator which receives an input of binary characters, and produces as an output a plurality of pseudo-random binary characters, in accordance with a predefined algorithm.

With reference now to FIG. 13, machine identification 357 is also maintained within the file management program in an encrypted form. Machine identification 357 is supplied as an input to encryption engine 359 to produce as an output the encrypted machine identification 361. Encryption engine 359 may comprise any conventional encryption routine, such as the DES algorithm. A key 363 is provided also as an input to encryption engine 359, and impacts the encryption operation in a conventional manner. Key 363 is derived from system attribute selector 365. The types of system attributes
which are candidates for selection include system attribute listing 367 which includes: the hard disk serial number, the size of the hard disk, the format of the hard disk, the system model number, the hardware interface card, the hardware serial number, or other configuration parameters.

In accordance with the present invention, the clear text machine identification 357 and the encrypted machine identification 361 are maintained in memory. Also, in accordance with the present invention, the file management program automatically posts the clear text machine identification 357 to the appropriate user interface screens. The user then communicates the machine identification to the software vendor where it is utilized in accordance with the block diagram of FIG. 14. As is shown, product key encryption engine 375 is maintained within the control of the software vendor. This product key encryption engine 375 receives as an input: the machine identification 357, a customer number 369 (which is assigned to the customer in accordance with the internal record keeping of this software vendor), the real encryption key 371 (which is utilized to decrypt the software products maintained on the computer-accessible memory media within the custody of the software customer), a control block text 373 (which [illegible] portion), and trial interval data 374 (such as a clock and/or counter value which define the trial interval of use). Product key encryption engine produces as an output a product key 377. Product key 377 may be communicated to the software customer via an insecure communication channel without risk of revealing real key 371. [illegible] encryption operation, and since the product key 377 can only be utilized on a data processing system having a configuration identical to that from which machine identification 357 has been derived, access to the encrypted software product is maintained in a secure condition.

Upon delivery of product key 377, the file management program resident in the user-controlled data processing system utilizes real key generator 379 to receive a plurality of inputs, including product key 377, customer number 369, control block text 373, machine identification 357 and trial interval data 374. Real key generator 379 produces as an output the derived real key 381.

Encryption and decryption algorithm utilized to perform the operations of the product key encryption engine 375 and the real key generator 379 (of FIGS. 14 and 15) is described and claimed in co-pending U.S. patent application Ser. No. 07/964 J24, filed Oct. 21, 1992, entitled "Method and System for Multimedia Access Control Enablement", which is incorporated herein as if fully set forth.

Next, as is depicted in FIGS. 16 and 17, the derived real key 381 is tested to determine the validity and authenticity of the product key 377 which has been provided by the software vendor. As is shown, the derived real key 381 is supplied as an input to encryption engine 385. A predetermined encrypted validation data segment 383 is supplied as the other input to encryption engine 385. Encryption engine supplies as an output derived clear validation text 387. Then, in accordance with FIG. 17, the derived clear validation text 387 is compared to the known clear validation text 391 in comparator 389. Comparator 389 simply performs a bit-by-bit comparison of the derived clear validation text 387 with the known clear validation text 391. If the derived clear validation text 387 matches the known clear validation text 391, a key file is created in accordance with step 393; however, if the derived clear validation text 387 does not match the known clear validation text 391, a warning is posted to the user-controlled data processing system in accordance with step 395.

Turning now to FIG. 18, key file 397 is depicted as including the temporary product key, the customer key (which is an encrypted version of the customer number), the machine identification number in clear text and the trial interval data (such as a clock and/or counter value). This key file is supplied as an input to encryption engine 399. Key 401 is also provided as an input to encryption engine 399. Key 401 is derived from system attributes 403, such as those system attributes utilized in deriving the machine identification number. Encryption engine 399 provides as an output the encrypted key file 405.

FIGS. 19, 20, 21, 22, and 23 depict operations of the file management program after a temporary access key has been [illegible].

FIG. 19 is a block diagram representation of the steps which are performed when an encrypted software product is called for processing by the user-controlled data processing system. The encrypted file 405 is fetched, and a "header" portion 407 is read by the user-controlled data processing system. The header has a number of components including the location of the key file. The location of the key file is utilized to fetch the key file in accordance with step 409. The header includes an encrypted validation text 411. The encrypted validation text 411 is also read by the user-controlled data processing system. As is stated above (and depicted in FIG. 18) the key file includes the product key 419, a customer key 417, and the machine identification 415. These are applied as an input to decryption engine 413. Decryption engine 413 provides as an output real key 421. Before real key 421 is utilized to decrypt encrypted software products on the distributed memory media, it is tested to determine its validity. FIG. 21 is a block diagram of the validation testing. Encrypted validation text 423, which is contained in the "header", is provided as an input to decryption engine 425. Real key 421 (which was derived in the operation of FIG. 20) is also supplied as an input to decryption engine 425. Decryption engine 425 provides as an output clear validation text 427. As is set forth in block diagram form in FIG. 22, clear validation text 427 is supplied as an input to comparator 429. The known clear validation text 431 is also supplied as an input to comparator 429. Comparator 429 determines whether the derived clear validation text 427 matches the known clear validation text 431. If the texts match, the software object is decrypted in accordance with step 433; however, if the validation text portions do not match, a warning is posted in accordance with step 435. FIG. 23 is a block diagram depiction of the decryption operation of step 433 of FIG. 22. The encrypted software object 437 is applied as an input to decryption engine 439. The validated real key 441 is also supplied as an input to decryption engine 439. Decryption engine 439 supplies as an output the decrypted software object 443.

The encryption header is provided to allow for the determination of whether or not a file is encrypted when that file is stored with clear-text files. In providing the encryption header for the encrypted file, it is important that the file size not be altered because the size may be checked as part of a validation step (unrelated in any way to the concept of the present invention) during installation. Therefore, making the file larger than it is supposed to be can create operational difficulties during installation of the software. The encryption header is further necessary since the file names associated with the encrypted software products cannot be modified to reflect the fact that the file is encrypted, because
the other software applications that may be accessing the encrypted product will be accessing those files utilizing the original file names. Thus, altering the file name to indicate that the file is encrypted would prevent beneficial and desired communication between the encrypted software product and other, perhaps related, software products. For example, spreadsheet applications can usually port portions of the spreadsheet to a related word processing program to allow the integration of financial information into printed documents. Changing the hard-coded original file name for the word processing program would prevent the beneficial communication between these software products. The encryption header of the present invention resolves these problems by maintaining the encrypted file at its nominal file length, and by maintaining the file name for the software product in an unmodified form.

FIG. 24 graphically depicts an encrypted file with encryption header 451. The encryption header 451 includes a plurality of code segments, including: unique identifier portion 453, the name of the key file portion 455, encrypted validation segment 457, encryption type 459, offset to side file 461, and encrypted file data 463. Of course, in this view, the encrypted file data 463 is representative of the encrypted software product, such as a word processing program or spreadsheet. The encryption header 451 is provided in place of encrypted data which ordinarily would comprise part of the encrypted software product. The encryption header is substituted in the place of the first portion of the encrypted software product. In order to place the encryption header 451 at the front of the encrypted software product of encrypted file data 463, a portion of the encrypted file data must be copied to another location. Offset to side file 461

with FIG. 18) the key file includes the product key, a customer key, and the clear machine ID. All three of these pieces of information are required in order to generate the real key (in accordance with FIG. 20). Encrypted validation segment 457 includes the encrypted validation text which is utilized in the routine depicted in FIG. 21 which generates a derived clear validation text which may be compared utilizing the routine of FIG. 22 to the known clear validation text. Only if the derived clear validation text exactly matches the known clear validation text can the process continue by utilizing the derived and validated real key to decrypt the encrypted software product in accordance with the routine of FIG. 23. However, prior to performing the decryption operations of FIG. 23, the contents of the corresponding side file must be substituted back into the encrypted software product in lieu of encryption header 451. This ensures that the encrypted software product is complete prior to the commencement of decryption operations.

Each time a file is called for processing by the operating system of the user-controlled data processing system, the file management program which is resident in the operating system intercepts the input/output requests and examines the front portion of the file to determine if a decryption block identifier, such as unique identifier 453, exists at a particular known location. For best performance, as is depicted in FIG. 24, this location will generally be at the beginning of the file. If the file management program determines that the file has the decryption block, the TSR will read the block into memory. The block is then parsed in order to build a fully qualified key file name by copying an environment variable that specifies the drive and directory containing the key files and concatenating the key file name from the encryption

identifies that side file location where the displaced file data block. The TSR then attempts to c^n the key file. If the key 

is contained. file does not exist, the TSR returns an "access denied" 

FIG. 25 gra^cally depicts the relationship between the 35 response to the application which is attempting to open the 

directory of encrypted files and the side files. As is shown, encrypted file. If the key file is determined to exisU the TSR 

the direaory of encrypted files 465 includes file aaa, file bbb, opens the key file and reads in the keys (the product key. the 

file ccc, file ddd, tfirou^ file nnn. Each of these files is customer key, and the machine identification) and generates 

representative of a directory name for a particular encrypted the real key. This real key is io use to decrypt the dccryirtion 

software product Each encrypted software product has 40 block validation date. As is stated above, a comparison 

associated with it a side file which contains the front portion operation determines whether this decryption operation was 

erf the file which has been displaced to accommodate encryp- successful If the conq>are fails, the key file is determined to 

tion header 451 without altering the size of the file, and be **invaUd**, and the TSR returns an **access denied mes- 

without altering the file name. File aaa has associated witii sage** to the application which is attempting to open the 

it a side file AAA. Software product file trt)b has associated 45 encrypted software product However, if the compare is 

with it a side file BBB. Encrypted software product ccc has successful, the file management iMt>gram prepares to decrypt 

associated with it a side file CCC. Encrypted software the file according to Ihe encryption type found in the 

product ddd has associated with it a side file DDD. encryption header. The TSR then returns a valid file handle 

Encrypted software product nan has associated with it a side to the calling application to indicate that the file has been 

file NNN. In FIG. 25. directory names 467, 469, 471, 473, 50 opened. When the application reads data from the encrypted 

475 are d^icted as being associated with side files 477, 479, file, the TSR reads and decrypts this data before passing it 

481, 483. and 485. The purpose of the side files is to allow back to the application. If the daU requested is part of the 

each of the encrypted software products to be tagged with an displaced data that is stored in the side file, the TSR will read 

encryption header without changing &c file size. the side file and return the aj^opriate decrypted block to the 

EnoypUon type segment 459 of the encryption header 55 caUing qjpUcation without the calling appUcation being 

451 identifies the type of encryption utilized to encrypt the aware that the data came from a separate file, 

encrypted software product Any one of a number <rf con- While the broad concepts of the encryption header are 

ventional encryption techniques can be utilized to encrypt depicted in FIGS. 24 and 25, die more particular aspects of 

ttie product, and dififCTcnt encryption types can be utilized to creating the encrypted files are depicted in FIGS. 26, 27, and 

encrypt different software products contained on the same 60 28. FIGS. 27 and 28 depict two types of data files. FIG. 27 

memwy media. Encryption type segment 459 ensures that depicts a non-executing data file, while FIG. 28 depicts an 

the ^propriate encryption/decryption routine Is called so executing data file. FIG. 26 depicts a header 499 which 

that (be encrypted software product may be decrypted, includes signature segment 501, header LEN 503, side file 

provided the temporary access keys are valid and not index 505, side file LEN 507, decryption type identifier 509, 

expired. The name of key file segment 455 of encryption 63 verification data 511, and key file name 518. As is shown in 

header 451 provides an address (typically a disk drive FIG. 27, a software product t)egins as a clear file 521. and 

location) of the key file. As is stated above (in connection is encrypted in accordance with a particular encryption 
routine into encrypted file 523. Encryption type segment 509 of header 499 identifies the type of encryption utilized to change clear file 521 to encrypted file 523. Next, the front portion of encrypted file 523 is copied to side file 527 which is identified by side file index 505 and side file LEN 507 of header 499. Additionally, a copy of the clear text of the verification data is also included in side file 527. Then, header 499 is copied to the front portion of encrypted file 523 to form modified encrypted files 525. A similar process is employed for executing files, as depicted in FIG. 28. The clear text copy of the software product (represented as clear file 531) is encrypted in accordance with a conventional routine, to form encrypted file 533. The front portion of encrypted file 533 is copied to side file 539 so that the overlaid data of encrypted file 533 is preserved. Furthermore, side file 539 includes a copy of the clear text of the verification data. Then, the encrypted file 533 is modified by overlaying an executable stub 537 and header 599 onto the first portion of encrypted file 553.

The purpose of executable stub 537 of FIG. 28 will now be described. The DOS operating system for a personal computer will try to execute an encrypted application. This can result in a system "hang" or unfavorable action. The executable stub 357 of the executing file of FIG. 28 is utilized to protect the user from attempting to execute applications that are encrypted: there would be considerable risk that a user would hang his system or format a drive if he or she try to run an encrypted file. The executable stub is attached to the front portion of the encrypted software product so that this stub is executed whenever the application is run without the installed TSR or run from a drive the TSR is not "watching". This stub will post a message to the user that explains why the application cannot run. In addition to providing a message, this executable stub can be used to perform sophisticated actions, such as:

(1) it can duplicate the functionality of the TSR and install dynamic encryption before kicking off the application a second time;

(2) it can turn on a temporary access key and kick off the application a second time;

(3) it can communicate with the TSR and inform it to look at the drive the application is being run from.

The executable stub is saved or copied into the encrypted program as follows:

(1) the application is encrypted;

(2) a decryption block is created for this program;

(3) a pre-built executable stub is attached to the front end of the decryption block;

(4) the length of the combined decryption header and executable stub is determined;

(5) the bytes at the front of the executable file equal to this length are then read into memory, preferably into a predefined side file location; and

(6) the encryption header and executable stub are then written over the leading bytes in the executable code.

The TSR can determine if an executable is encrypted by searching beyond the "known size" of the executable stub for the decryption block portion. When the TSR decrypts the executable stub it accesses the side file to read in the bytes that were displaced by the stub and header block.

FIG. 29 provides a flowchart representation of operation during a trial period interval, which begins at software block 601. In accordance with software block 603, the file management program located in the operating system of the user-controlled data processing system continually monitors for input/output calls to the memory media. Then, in accordance with software block 605, for each input/output call the called file is intercepted, and in accordance with software block 607 the operating system is denied access to the called file, until the file management program can determine whether access should be allowed or not. A portion of the called file is read where the decryption block should be located. This portion of the called file is then read, in accordance with software block 609, to derive a key file address in accordance with software block 611. The address which is derived is utilized to fetch the key file, in accordance with software block 613. In accordance with decision block 615, if the key file cannot be located, the process ends at software block 617; however, if it is determined in decision block 615 that the key file can be located, the key is derived in accordance with software block 619. The derived key is then utilized to decrypt the validation segment which is located within the encryption header, in accordance with software block 621. In decision block 623, the decryption validation segment is compared to the clear text for the decryption validation segment; if it is determined that the decrypted segment does not match the known clear text segment, the process continues at software block 625 by ending; however, if it is determined in decision block 623 that the decrypted validation segment does match the known clear text validation segment, the process continues at software block 627, wherein access to the called file is allowed. Then, the decryption type is read from the decryption header in accordance with software block 629, and the called file is dynamically decrypted in accordance with software block 631 as it is passed for processing by the operating system of the user-controlled data processing system, in accordance with software block 633. The process terminates at software block 635.

If unauthorized execution of an encrypted file is attempted, the executable stub will at least temporarily deny [illegible] system, but may handle the [illegible] sophisticated ways which were enumerated above.

In accordance with the preferred embodiment of the present invention, during the trial interval, or at the conclusion of the trial interval, the prospective purchaser may contact the vendor to make arrangements for the purchase of a copy of the one or more software products on the computer-accessible memory media. Preferably, CD ROMs or floppy disks have been utilized to ship the product to the potential user. Preferably, the computer-accessible memory media includes the two encrypted copies of each of the [illegible] trial interval of use. One encrypted copy may be decrypted utilizing the file management program and the temporary key which is communicated from the vendor to the purchaser. The other encrypted copy is not provided for use in the trial interval mode of operation, but instead is provided as the permanent copy which may be decrypted and utilized once the software product has been purchased. In broad overview, the user selects a software product for a trial interval mode of operation, and obtains from the vendor temporary access keys, which allow the user access to the product (through the file management program) for a predefined trial interval. Before or after the conclusion of the trial interval, the user may purchase a permanent copy of the software product from the vendor by contacting the vendor by facsimile, electronic mail, or telephone. Once payment is received, the vendor communicates to the user a permanent access key which is utilized to decrypt the second encrypted copy of the software product. This encrypted product may be encrypted
utilizing any conventional encryption routine, such as the DES algorithm. The permanent key allows the software product to be decrypted for unrestricted use. Since multiple copies of the product may be purchased in one transaction, the present invention is equipped with a technique for providing movable access keys, which will be discussed below in connection with FIGS. 30 through 35. In the preferred embodiment of the present invention, the encryption algorithm employed to encrypt and decrypt the second copy of the software product is similar to that employed in the trial interval mode of operation.

The present invention includes an export/import function which allows for the distribution of permanent access keys, after the conclusion of a trial interval period. Typically, an office administrator or data processing system manager will purchase a selected number of "copies" of the encrypted product after termination of a trial interval period. Certain individuals within the organization will then be issued permanent keys which allow for the unrestricted and permanent access to the encrypted product. In an office or work environment where the computing devices are not connected in a distributed data processing network, the permanent access keys must be communicated from the office administrator or data processing manager to the selected individuals within an organization who are going to receive copies of the encrypted software product. The permanent keys allow for permanent access to the product. Since not all employees within an organization may be issued copies of the particular encrypted product, the vendor would like to have the distribution occur in a manner which minimizes or prevents the distribution beyond the sales agreement or license agreement. Since the products are encrypted, they may be liberally distributed in their encrypted form. It is the keys which allow unrestricted access to the product which are to be protected in the current invention. To prevent the distribution of keys on electronic mail or printed communications, the present invention includes an export program which is resident in a source computer and an import program which is resident in a target computer which allow for the distribution of the access keys via a removable memory media, such as a floppy diskette. This ensures that the access keys are not subject to inadvertent or accidental distribution or disclosure. There are two principal embodiments which accomplish this goal.

In the first embodiment one or more encrypted files which are maintained in the source computer are first decrypted, and then encrypted utilizing an encryption algorithm and an encryption key which is unique to the transportable memory media (such as a diskette serial number). The key file may then be physically carried via the diskette to a target computer, where it is decrypted utilizing a key which is derived by the target computer from interaction with the transferable memory media. Immediately, the key file or files are then encrypted utilizing an encryption operation which is keyed with a key which is derived from a unique system attribute of the target computer.

In the alternative embodiment the transferrable memory media is loaded onto the target computer to obtain from the target computer import file a transfer key which is uniquely associated with the target computer, and which may be derived from one or more unique system attributes of the target computer. The memory media is then transferred to the source computer, where the one or more key files are decrypted, and then encrypted utilizing the transfer key. The memory media is then carried to the target computer where the transfer key is generated and utilized in a decryption operation to decrypt the one or more key files. Preferably, immediately the key files are encrypted utilizing an encryption operation which is keyed with a key which is uniquely associated with the target computer, and which may be derived from one or more unique computer configuration attributes. The first embodiment is discussed herein in connection with FIGS. 30, 31, 32, and 33. The second embodiment is discussed in connection with FIGS. 34 and 35.

FIGS. 30 and 31 depict in block diagram form export and import operations which allow an authorized user to move his permanent key to another data processing system using an "export" facility that produces a unique diskette image of the access key that has been enabled for import into another system. In accordance with the present invention, the access keys which are delivered over the telephone by the software vendor to the customer are less than 40 bytes in length. The key file that is produced is over 2,000 bytes in length. An export facility is provided for copying the key file and the machine identification file to a diskette. Both files are then encrypted with a modified diskette serial number to inhibit these files from being copied to a public forum where anyone could use them. An import facility provided in another system decrypts these files and adds the product key and machine identification from the diskette, to a list of import product keys and machine identifications in the import systems master file, and copies the key file to the import system hard disk. The key file is encrypted on the import system as is disclosed above.

FIG. 30 is a block diagram depiction of an export operation in accordance with the preferred embodiment of the present invention. As is shown, source computer 651 includes a key file 653 and a machine identification file 655. Key file 653 includes the product key, the customer key, the clear text of the machine identification for source computer 653, trial interval data (such as a clock and/or counter which define the trial interval period), and an export counter which performs the dual functions of defining the maximum number of export operations allowed for the particular protected software products and keeping track of the total number of export operations which have been accomplished. The machine identification file includes the machine identification number and trial interval data (such as a clock and/or counter which defines the trial interval period). Both key file 653 and machine identification file 655 are encrypted with any conventional encryption operation (such as the DES algorithm), which is keyed with a key which is derived from a unique system attribute of source computer 651. At the commencement of an export operation, key file 653 and machine identification file 655 are decrypted. Key file 653 is supplied as an input to decryption operation 657 which is keyed with key 659. Likewise, machine identification file 655 is supplied as an input to decryption operation 663 which is keyed with key 661. Decryption operations 657, 663 generate a clear text version of key file 653 and machine identification file 655. Once the clear text is obtained, the export counter which is contained within key file 653 is modified in accordance with block 661. For example, if this is the seventh permitted export operation out of ten permissible operations, the counter might read "7:10". The clear text version of key file 653 is supplied as an input to encryption operation 669. Encryption operation 669 may be any conventional encryption operation (such as the DES algorithm), which is keyed with a memory media attribute 665 which is unique to a memory media which is coupled to source computer 651, which has been subjected to modification of modifier 667. For example, a unique diskette serial number may be supplied as the "memory media attribute"
which is unique to memory media 677. The diskette serial number is modified in accordance with modifier 667 to alter it slightly, and supply it as an input to encryption operations 669. The same operation is performed for the clear text of machine identification file 655. A unique memory media attribute 671 is modified by modifier 673 and utilized as a key for encryption operation 675, which may comprise any conventional encryption operation, such as the DES operation. Finally, the output of encryption operations 669 and 675 are supplied as inputs to copy operations 679, 681 which copy the encrypted key file 653 and machine identification file 655 to memory media 677.

FIG. 31 is a block diagram depiction of an import operation. Memory media 677 (of FIG. 30) is physically removed from source computer 651 (of FIG. 30) and physically carried over to computer 707 (of FIG. 31); alternatively, in a distributed data processing system, this transfer may occur without the physical removal of memory media 677. With reference now to FIG. 31, in accordance with block 683, the machine identification of the target machine is copied to memory media 677 to maintain a record of which particular target computer received the key file and machine identification file. Then, in accordance with blocks 685, 693 the encrypted key file 653 and machine identification file 655 are copied from the memory media to target computer 707. The encrypted key file 653 is supplied as an input to decryption operation 689 which is keyed with key 687. Decryption operation 689 reverses the encryption operation of block 669, and provides as an output a clear text version of key file 653. Likewise, machine identification file 655 is supplied as an input to decryption operation 697, which is keyed with key 695. Decryption operation 697 reverses the encryption of encryption operation 675 and provides as an output the clear text of machine identification file 655. In accordance with block 691, the machine identification of the source computer 651 is retrieved and recorded in memory in the clear text of key file 653. Next the clear text of key file 653 is supplied as an input to encryption operation 699. Encryption operation 699 is a conventional encryption operation, such as the DES operation, which is keyed with a target computer unique attribute, such as the machine identification or modified machine identification for the target computer 707. The clear text of machine identification file 655 is supplied as an input to encryption operation 703. Encryption operation 703 is any conventional encryption operation, such as the DES encryption operation, which is keyed with a unique target computer attribute 705, such as machine identification or modified machine identification of target computer 707. The output of encryption operation 699 produces an encrypted key file 709 which includes a product key (which is the same temporary product key of key file 653 of source computer 651), a customer number (which is the same customer number of key file 653 of source computer 651), and clear machine identification (which is the machine identification for target computer 707, and not that of source computer 651), trial interval data (which is identical to the trial interval data of key file 653 of source 651), and an identification of the machine identification of the source computer 651. The output of encryption operation 703 defines machine identification file 711, which includes the machine identification of the target computer 707 (and not that of the source computer 651), and the trial interval data (which is identical to that of machine identification file 655 of source computer 651).

FIGS. 32 and 33 provide alternative views of the import and export operations which are depicted in FIGS. 30 and 31, and emphasize several of the important features of the present invention. As is shown, source computer 801 includes machine identification file 803 which is encrypted with a system attribute key which is unique to the source computer 801. The machine identification file includes machine identification file number as well as count of the number of exports allowed for each protected software product, and a count of the total number of exports which have been utilized. For example, the first export operation carries a count of "1:10", which signifies that one export operation of ten permitted export operations has occurred. In the next export operation, the counter is incremented to "2:20" which signifies that two of the total number of ten permitted export operations has occurred. Each target computer which receives the results of the export operation is tagged with this particular counter value, to identify that it is the recipient of a particular export operation. For example, one source computer system may carry a counter value of "1:10", which signifies that it is the recipient of the first export operation of ten permitted export operations. Yet another target computer may carry the counter value of "7:10", which signifies that this particular target computer received the seventh export operation of a total of ten permitted export operations. In this fashion, the target computer maintains a count of a total number of used export operations, while the source computers each carry a different counter value which identifies it as the recipient of the machine identification file and key file from the source computer from particular ones of the plurality of permitted export operations.

Note that in source computer 801 machine identification file 803 and key file 805 are encrypted with an encryption algorithm which utilizes as a key a system attribute which is unique to source computer 801; however, once machine identification file 803 and key file 805 are transferred to a memory media, such as export key diskette 807, machine identification file 809 and key file 811 are encrypted in any conventional encryption operation which utilizes as an encryption key a unique diskette attribute, such as the diskette's serial number. This minimizes the possibility that the content of the machine ID file 809 and/or key file 811 can be copied to another diskette or other memory media and then utilized to obtain unauthorized access to the software products. This is so because for an effective transfer of the content of machine ID file 809 and key file 811 to a target computer to occur, the target computer must be able to read and utilize the unique diskette attribute from the export key diskette 807. Only when the machine ID file 809 and key file 811 are presented to a target computer on the diskette onto which these items were copied can an effective transfer occur. The presentation of the machine ID file 809 and key file 811 on a diskette other than export key diskette 807 to a potential target computer will result in the transfer of meaningless information, since the unique attribute of export key diskette 807 (such as the diskette serial number) is required by the target computer in order to successfully accomplish the decryption operation.

As is shown in FIG. 33, export key diskette 807 is presented to target computer 813. Of course, the machine identification file 809 and key file 811 are in encrypted form. In the transfer from export key diskette 807 to target computer 813, the content of machine ID file 809 is updated with the machine identification of the target computer 813, and the count of imports utilized. In accomplishing the transfer to target computer 813, a machine identification file 815 is constructed which includes a number of items such as machine identification for the target computer 813, customer
information, as well as a list of the machine identification number of the source computer 801. Both machine identification file 815 and the key file 817 are encrypted utilizing a conventional encryption operation which uses as a key a unique attribute of target computer 813. This ties machine identification file 815 and key file 817 to the particular target computer 813.

By using an export/import counter to keep track of the total number of authorized export/import operations, and the total number of used export/import operations, the present invention creates an audit trail which can be utilized to keep track of the distribution of software products during the trial interval. Each source computer will carry a record of the total number of export operations which have been performed. Each source computer will carry a record of which particular export/import operation was utilized to transfer one or more protected software products to the target computer. The memory media utilized to accomplish the transfer (such as a diskette, or group of diskettes) will carry a permanent record of the machine identification numbers of both the source computer and the target computer's utilized in all export/import operations.

The procedure for implementing export and import operations ensures that the protected software products are never exposed to unnecessary risks. When the machine identification file and key file are passed from the source computer to the export diskette, they are encrypted with the unique attribute of the export diskette which prevents or inhibits copying of the export diskette or posting of its contents to a bulletin board as a means for illegally distributing the keys. During the import operations, the machine identification and key files are encrypted with system attributes which are unique to the target computer to ensure that the software products are maintained in a manner which is consistent with the security of the source computer, except that those software products are encrypted with attributes which are unique to the target computer, thus preventing illegal copying and posting of the keys.

The second embodiment of the export/import function is depicted in block diagram form in FIGS. 34 and 35. In broad

1655 are encrypted with any conventional encryption operation (such as the DES algorithm), which is keyed with a key which is derived from a unique system attribute of source computer 1651. At the commencement of an export operation, key file 1653 and machine identification file 1655 are decrypted. Key file 1653 is supplied as an input to decryption operation 1657 which is keyed with key 1659. Likewise, machine identification file 1655 is supplied as an input to decryption operation 1663 which is keyed with key 1661. Decryption operations 1657, 1663 generate a clear text version of key file 1653 and machine identification file 1655. Once the clear text is obtained, the export counter which is contained within key file 1653 is modified in accordance with block 1661. For example, if this is the seventh permitted export operation out of ten permissible operations, the counter might read "7:10". The clear text version of key file 1653 is supplied as an input to encryption operation 1669. Encryption operation 1669 may be any conventional encryption operation (such as the DES algorithm), which is keyed with the transfer key 1665 which was previously obtained. The same operation is performed for the clear text of machine identification file 1655. Transfer key 1671 is utilized as a key for encryption operation 1675, which may comprise any conventional encryption operation, such as the DES operation. Finally, the output of encryption operations 1669 and 1675 are supplied as inputs to copy operations 1679, 1681 which copy the encrypted key file 1653 and machine identification file 1655 to memory media 1677.

FIG. 35 is a block diagram depiction of an import operation. Memory media 1677 (of FIG. 34) is physically removed from source computer 1651 (of FIG. 34) and physically carried over to computer 1707 (of FIG. 35); alternatively, in a distributed data processing system, this transfer may occur without the physical removal of memory media 1677. With reference now to FIG. 35, in accordance with block 1683, the machine identification of the target machine is copied to memory media 1677 to maintain a record of which particular target computer received the key file and machine identification file. Then, in accordance with

overview, mem^y media 1677 is first utilized to interact blocks 1685. 1693 the encrypted key file 1653 and machine 

with target computer 1707 to obtain from target computer identification file 1655 are copied from the memory media 

1707 a transfer key which is unique to target con^ter 1707. to target computer 1707. The encrypted key file 1653 is 

and which is preferably derived from one or more unique supplied as an input to decryption operation 1689 which is 

system attributes of target computer 1707. The transfer key 45 keyed with key 1687. Decryption operation 1689 reverses 

may be a modification of the machine identification for the encryption operation of block 1669. and provides as an 

target computer 1707. Next, the memory media 1677 is ou^t a clear text version of key file 1653. Likewise, 

utilized to interact with source computer 1651 in an export machine identification file 1655 is supplied as an ii^ut to 

mode of <^)eration. wherein key file 1653 and madune decryption operation 1697, which is keyed with key 1695. 

identification file 1655 are first decrypted, and then 50 Decryption operation 1697 reverses the encryption of 

encrypted utilizing the transfer key. encryption operation 1675 and provides as an output the 

FIG. 34 is a block diagram depiction of an expert opera- clear text of machine identification file 1655. In accordance 

tion in accordance with the preferred embodiment of the with block 1691. the machine identification of the source 

pg-esent invention. As is shown, source computer 1651 coii^)Utcr 1651 is retrieved and recorded in memory in the 

includes a key file 1653 and a madune identification file 55 clear text of key file 1653. Next the clear text of k^ file 

1655. Key file 1653 Includes the product key, the customer 1653 is supplied as an input to encryption operation 1699. 

key, the clear text of the machine identification for source Encryption operation 1699 is a conventional encryption 

con^uter 1653. trial interval data (such as a dock and/or c)>eration, such as the DES c^xa-ation. which is keyed with 

counter which define the trial interval period), and an expwt a target con^Miter unique attribute, such as the machine 

counter which performs the dual functions of defining the 60 identification cm* modified machine identification for the 

maximum number of export operations allowed for the target coii9>uter 1707. The clear text of machine identifica- 
particular protected software products and keeping track oS tion file 1655 is supplied as an input to encryption operation 

die total number of export operations which have been 1703. Encryption operation 1703 is any conventional 

acconaplished. The machine identification file indudes tfie encryption operation, such as the DES encryption operation, 

machine identification number and trial interval data (such 65 which is keyed with a unicjue target computer attribute 1705, 

as a clock and/or counter which defines the trial interval such as aiachlne identification or modified machine ideoti- 

pcriod). Both key file 1653 and machine identification file fication of target computer 1707. The output of encryption 
operation 1699 produces an encrypted key file 1709 which includes a product key (which is the same temporary product key of key file 1653 of source computer 1651), a customer number (which is the same customer number of key file 1653 of source computer 1651), and clear machine identification (which is the machine identification for target computer 1707, and not that of source computer 1651), trial interval data (which is identical to the trial interval data of key file 1653 of source 1651), and an identification of the machine identification of the source computer 1651. The output of encryption operation 1703 defines machine identification file 1711, which includes the machine identification of the target computer 1707 (and not that of the source computer 1651), and the trial interval data (which is identical to that of machine identification file 1655 of source computer 1651).
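
The export operation of FIG. 34 and the import operation of FIG. 35 can be traced in a short Python sketch, added here as an illustration and not part of the patent text. Assumptions: an HMAC-SHA256 keystream stands in for the "conventional encryption operation (such as the DES algorithm)", keys are derived by hashing the machine identification, the files are JSON records with made-up field names, and the source re-encrypts its own updated key file to keep the audit count.

```python
import hashlib, hmac, json

def crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for the 'conventional encryption operation (such as DES)':
    XOR with an HMAC-SHA256 counter keystream, so the same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def attr_key(machine_id: str, purpose: str) -> bytes:
    # Assumed derivation: key = SHA-256(purpose:machine identification).
    return hashlib.sha256(f"{purpose}:{machine_id}".encode()).digest()

def seal(key, record):
    return crypt(key, json.dumps(record, sort_keys=True).encode())

def unseal(key, blob):
    return json.loads(crypt(key, blob))  # raises ValueError under a wrong key

def export_op(source_id, key_blob, mid_blob, transfer_key):
    """FIG. 34: decrypt on the source, bump the counter, re-encrypt for transfer."""
    src_key = attr_key(source_id, "local")
    key_file, mid_file = unseal(src_key, key_blob), unseal(src_key, mid_blob)
    used, allowed = map(int, key_file["export_counter"].split(":"))
    if used >= allowed:
        raise PermissionError("no export operations left")
    key_file["export_counter"] = f"{used + 1}:{allowed}"
    media = {"key": seal(transfer_key, key_file), "mid": seal(transfer_key, mid_file)}
    return media, seal(src_key, key_file)  # updated source copy (audit record)

def import_op(target_id, media):
    """FIG. 35: log the target on the media, decrypt, rebind to the target."""
    media["target_log"] = target_id
    transfer_key = attr_key(target_id, "transfer")
    key_file, mid_file = unseal(transfer_key, media["key"]), unseal(transfer_key, media["mid"])
    key_file["exported_from"] = key_file["machine_id"]
    key_file["machine_id"] = mid_file["machine_id"] = target_id
    tgt_key = attr_key(target_id, "local")
    return seal(tgt_key, key_file), seal(tgt_key, mid_file)

# Constructed sample data: machine IDs, keys and trial values are made up.
SRC, TGT = "SRC-1651", "TGT-1707"
SRC_KEY = attr_key(SRC, "local")
KEY_BLOB = seal(SRC_KEY, {"product_key": "PK-demo", "customer_key": "CK-demo",
                          "machine_id": SRC, "trial_uses_left": 12, "export_counter": "6:10"})
MID_BLOB = seal(SRC_KEY, {"machine_id": SRC, "trial_uses_left": 12})
```

Because the media copy is keyed to the transfer key obtained from one target, an import attempted on a different machine yields unreadable files rather than a usable key file.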

While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.

We claim: 

1. At least one computer accessible memory medium in a data processing system for allowing a user to secure access to a particular file, comprising:

a plurality of files which are accessible to the data processing system, the particular file being one of the plurality of files;

at least one encrypted file, which is one of the plurality of files, having a preselected portion recorded in memory in a side file;

monitoring means for monitoring for a user request for access to the particular file;

receiving means for receiving the user request for access to the particular file;

transforming means for transforming the user request into a data processing system call for access to the particular file;

determining means for determining whether the called file has an inserted decryption block;

processing means for processing the called file in one manner if the called file has the inserted decryption block, and for processing the called file in a different manner if the called file does not have the inserted decryption block, wherein the monitoring means, the receiving means, the transforming means, the determining means, and the processing means are part of a file management program which is adapted to be functionally integrated with an operating system of the data processing system, and wherein the inserted decryption block includes information which is utilized to decrypt the file which is inserted in the at least one encrypted file in lieu of the preselected portion.
2. An apparatus according to claim 1:

wherein each of the at least one encrypted file has a particular file size; and

wherein insertion of the decryption block does not change the particular file size for each of the at least one encrypted file.

3. An apparatus according to claim 1, further comprising:

means for maintaining the at least one encrypted file in an encrypted condition for an interval which defines a customer trial period; and

means for replacing the preselected portion in the at least one encrypted file in lieu of the decryption block; and

means for decrypting the at least one encrypted file.

4. An apparatus according to claim 1, wherein the decryption block includes:

a unique identifier for each of the at least one encrypted file, and an address to the preselected portion for each of the at least one encrypted file.

5. An apparatus according to claim 1, wherein the decryption block includes:

a unique identifier for each of the at least one encrypted file, and an address for a key file which contains decryption keys for each of the at least one encrypted file.

6. An apparatus according to claim 1, wherein the decryption block includes:

a unique identifier for each of the at least one encrypted file, and a validation segment composed of an encrypted segment of each of the at least one encrypted file.

7. An apparatus according to claim 1, wherein the decryption block includes:

a unique identifier for each of the at least one encrypted file, and an identifier of which particular one of a plurality of available encryption operations has been utilized to encrypt the at least one encrypted file.

8. An apparatus according to claim 1, wherein the file management program is utilized to process the called file by performing at least one of:

(a) intercepting the called file;

(b) utilizing the decryption block to retrieve an address for a key file and reading a key for the called file;

(c) decrypting a validation segment of the decryption block, and comparing it to a selected segment of the called file, and continuing operations only if the decrypted validation segment matches the selected segment; and

(d) decrypting the called file at the same time as it is passed for further processing.

***** 